Connect2id server 7.16 with token introspection update
This is a mini update to the Connect2id server which updates the token introspection endpoint to include the optional expiration (“exp”) parameter in the response for identifier-based access tokens.
This update also fixes two issues. See the release notes below for more information.
Download
To download a ZIP package of Connect2id server 7.16:
https://c2id-downloads.s3.eu-central-1.amazonaws.com/server/7.16/Connect2id-server.zip
SHA-256: b85b9fea360c38b2287c5f44559c9cc3092aa6bad6eec013504f824107659486
As WAR package only:
https://c2id-downloads.s3.eu-central-1.amazonaws.com/server/7.16/c2id.war
SHA-256: d3db91263ad1773fa475f1003ed3f53144629fb0983c3e0de1fea8396930a2d5
Questions?
Contact Connect2id support.
Release notes
7.16 (2019-09-09)
Web API
- /token/introspect – Includes the optional expiration (exp) parameter in introspection responses for identifier-based access tokens. See OAuth 2.0 Token Introspection (RFC 7662), section 2.2.
Resolved issues
-
Fixes a bug which resulted in a HTTP 500 error when reading an OAuth 2.0 client registration with an empty JWK set (“jwks”) from DynamoDB (issue server/480).
-
Fixes a bug which affected setting of the “exp” and potentially other JWT claims in calls to the AccessTokenIssueEventListener SPI (issue authz-store/164).
Dependency changes
- Updates to com.nimbusds:oauth2-authz-store:12.4